With COVID-19 restrictions easing, many employees are starting to make a return to the workplace. But the traditional five-day working week in the office is steadily on its way to becoming obsolete for many. According to recent research, over a half of employers (55%) expect an increase in staff working from home or remotely part of the week, despite life finally returning to some sort of normality.
But with remote working here to stay, organisations are now facing a higher level of risk than ever before, and what was once seen as an acceptable level of risk may no longer be the case.
Before the pandemic, businesses were able to be more lenient with their assessment of what was deemed as an acceptable level of risk. If it wasn’t seen as “high,” then it wasn’t necessarily at the top of the priority list.
In today’s remote environment, however, any potential threats to the business, no matter how small, need to be addressed with the utmost urgency. If IT teams fail to assess and respond to these threats, the consequences could be detrimental.
But to identify and tackle potential issues in good time, IT professionals and senior leaders need to collaborate clearly and effectively. Many organisations already understand the importance of this collaboration, with nearly a half (49%) of IT professionals stating their company’s senior leaders have a heightened awareness of risk exposure, believing it’s not “if” but “when” they will be affected by a risk factor.
Having this awareness means there’s a clear opportunity here for IT professionals to collaborate with senior leaders and help ensure better risk mitigation for organisations. But this doesn’t mean there aren’t any challenges.
So how can both teams successfully overcome these challenges to guarantee a more secure future?
A simple perception change
In the SolarWinds® IT Trends report, over a third (39%) of tech professionals stated their companies have had medium exposure to enterprise IT risk. When it comes to what’s influencing this exposure, security breaches are seen to be the most prominent external factor, with just under half (46%) citing cyberattacks as the top macro trend impacting their company’s risk exposure.
Although a large majority of businesses have faced medium exposure to risk in the past, only 31% of IT pros believe their company is prepared to mitigate and manage risk. Worryingly, just over a quarter believe their senior leaders find it difficult to convince other leaders of this reality, meaning there’s a limited amount of resources to be able to address risk.
Organisations, and senior leadership especially, must change the way they perceive risk, which means shifting the threshold for interpreting risk exposure and aligning it with how threats have been amplified by external factors.
Improved collaboration
There’s clearly an opportunity for IT professionals and leadership teams to closely align on priorities and policies to make sure their organisations are prepared to successfully mitigate, manage, and minimise risk.
Collaboration is the key to realising this opportunity, as is coming to terms with the fact that it’s nearly impossible to completely avoid any security compromises.
More sophisticated threats will always be lurking on the horizon, other external factors will play their parts, and businesses are likely to come face-to-face with threats they might not have previously considered.
This means IT professionals need to focus on implementing detection, monitoring, alerts, and response along the kill chain, putting exercises in place to measure effectiveness and ensure the right tools are in place should they need to address or defend against any level of risk exposure as the threat landscape expands.
Continue the conversations
Our same report found one-third of IT professionals believe their organisations are improving alignment between IT business goals and corporate leadership in response to other technology adoption barriers—whether it’s a lack of the right IT management tools or reduced resources.
While this is positive news, more businesses need to ensure this alignment is in place if they want to see the benefits.
IT teams and senior leaders need to ensure they have ongoing, strategic discussions around risk, but they also need to understand the necessity for investment in both time and money. At the same time, IT professionals must be able to stand their ground, especially when budgets are being invested as a priority elsewhere. This means making sure they have water-tight proposals backed up by hard figures and facts when making the case for any new deployments.
At the same time, IT professionals should also feel empowered to make a similarly well-argued case when discussing the need for having the right training, personnel, and skills in place.
Successful discussions with senior leaders require IT teams to fully understand the “language of business.” This way, teams will be able to make a strong case on why training is so crucial and how this can significantly benefit the organisation.
For example, if an IT team isn’t equipped to tackle any threats, the business is at huge risk of substantial losses. Placing the right amount of investment into training, however, can reduce this risk and help to ensure an organisation is protected.
Structuring such conversations in business language can empower IT teams to confidently make their case and secure the investment needed to deliver better risk mitigation
As organisations continue to look ahead after a challenging few years, now is the perfect opportunity for both teams to reassess how risk is perceived and for senior leaders to work in tandem with IT teams to promise a secure future for everyone.
Head Geek
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.